DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $InsiderRiskScenario,

        [Parameter()]
        [System.Boolean]
        $Anonymization,

        [Parameter()]
        [System.Boolean]
        $DLPUserRiskSync,

        [Parameter()]
        [System.Boolean]
        $OptInIRMDataExport,

        [Parameter()]
        [System.Boolean]
        $RaiseAuditAlert,

        [Parameter()]
        [System.String]
        $FileVolCutoffLimits,

        [Parameter()]
        [System.String]
        $AlertVolume,

        [Parameter()]
        [System.Boolean]
        $AnomalyDetections,

        [Parameter()]
        [System.Boolean]
        $CopyToPersonalCloud,

        [Parameter()]
        [System.Boolean]
        $CopyToUSB,

        [Parameter()]
        [System.Boolean]
        $CumulativeExfiltrationDetector,

        [Parameter()]
        [System.Boolean]
        $EmailExternal,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedEmployeePatientData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedFamilyData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedHighVolumePatientData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedNeighbourData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedRestrictedData,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToChildAbuseSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToCriminalActivitySites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToCultSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToGamblingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToHackingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToHateIntoleranceSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToIllegalSoftwareSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToKeyloggerSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToLlmSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToMalwareSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToPhishingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToPornographySites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToUnallowedDomain,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToViolenceSites,

        [Parameter()]
        [System.Boolean]
        $EpoCopyToClipboardFromSensitiveFile,

        [Parameter()]
        [System.Boolean]
        $EpoCopyToNetworkShare,

        [Parameter()]
        [System.Boolean]
        $EpoFileArchived,

        [Parameter()]
        [System.Boolean]
        $EpoFileCopiedToRemoteDesktopSession,

        [Parameter()]
        [System.Boolean]
        $EpoFileDeleted,

        [Parameter()]
        [System.Boolean]
        $EpoFileDownloadedFromBlacklistedDomain,

        [Parameter()]
        [System.Boolean]
        $EpoFileDownloadedFromEnterpriseDomain,

        [Parameter()]
        [System.Boolean]
        $EpoFileRenamed,

        [Parameter()]
        [System.Boolean]
        $EpoFileStagedToCentralLocation,

        [Parameter()]
        [System.Boolean]
        $EpoHiddenFileCreated,

        [Parameter()]
        [System.Boolean]
        $EpoRemovableMediaMount,

        [Parameter()]
        [System.Boolean]
        $EpoSensitiveFileRead,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppDownload,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppFileDelete,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppFileSharing,

        [Parameter()]
        [System.Boolean]
        $McasActivityFromInfrequentCountry,

        [Parameter()]
        [System.Boolean]
        $McasImpossibleTravel,

        [Parameter()]
        [System.Boolean]
        $McasMultipleFailedLogins,

        [Parameter()]
        [System.Boolean]
        $McasMultipleStorageDeletion,

        [Parameter()]
        [System.Boolean]
        $McasMultipleVMCreation,

        [Parameter()]
        [System.Boolean]
        $McasMultipleVMDeletion,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousAdminActivities,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousCloudCreation,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousCloudTrailLoggingChange,

        [Parameter()]
        [System.Boolean]
        $McasTerminatedEmployeeActivity,

        [Parameter()]
        [System.Boolean]
        $OdbDownload,

        [Parameter()]
        [System.Boolean]
        $OdbSyncDownload,

        [Parameter()]
        [System.Boolean]
        $PeerCumulativeExfiltrationDetector,

        [Parameter()]
        [System.Boolean]
        $PhysicalAccess,

        [Parameter()]
        [System.Boolean]
        $PotentialHighImpactUser,

        [Parameter()]
        [System.Boolean]
        $Print,

        [Parameter()]
        [System.Boolean]
        $PriorityUserGroupMember,

        [Parameter()]
        [System.Boolean]
        $SecurityAlertDefenseEvasion,

        [Parameter()]
        [System.Boolean]
        $SecurityAlertUnwantedSoftware,

        [Parameter()]
        [System.Boolean]
        $SpoAccessRequest,

        [Parameter()]
        [System.Boolean]
        $SpoApprovedAccess,

        [Parameter()]
        [System.Boolean]
        $SpoDownload,

        [Parameter()]
        [System.Boolean]
        $SpoDownloadV2,

        [Parameter()]
        [System.Boolean]
        $SpoFileAccessed,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeleted,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeletedFromFirstStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeletedFromSecondStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFileLabelDowngraded,

        [Parameter()]
        [System.Boolean]
        $SpoFileLabelRemoved,

        [Parameter()]
        [System.Boolean]
        $SpoFileSharing,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeleted,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeletedFromFirstStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeletedFromSecondStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFolderSharing,

        [Parameter()]
        [System.Boolean]
        $SpoSiteExternalUserAdded,

        [Parameter()]
        [System.Boolean]
        $SpoSiteInternalUserAdded,

        [Parameter()]
        [System.Boolean]
        $SpoSiteLabelRemoved,

        [Parameter()]
        [System.Boolean]
        $SpoSiteSharing,

        [Parameter()]
        [System.Boolean]
        $SpoSyncDownload,

        [Parameter()]
        [System.Boolean]
        $TeamsChannelFileSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsChannelMemberAddedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsChatFileSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsFileDownload,

        [Parameter()]
        [System.Boolean]
        $TeamsFolderSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsMemberAddedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsSensitiveMessage,

        [Parameter()]
        [System.Boolean]
        $UserHistory,

        [Parameter()]
        [System.Boolean]
        $AWSS3BlockPublicAccessDisabled,

        [Parameter()]
        [System.Boolean]
        $AWSS3BucketDeleted,

        [Parameter()]
        [System.Boolean]
        $AWSS3PublicAccessEnabled,

        [Parameter()]
        [System.Boolean]
        $AWSS3ServerLoggingDisabled,

        [Parameter()]
        [System.Boolean]
        $AzureElevateAccessToAllSubscriptions,

        [Parameter()]
        [System.Boolean]
        $AzureResourceThreatProtectionSettingsUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerAuditingSettingsUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerFirewallRuleDeleted,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerFirewallRuleUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureStorageAccountOrContainerDeleted,

        [Parameter()]
        [System.Boolean]
        $BoxContentAccess,

        [Parameter()]
        [System.Boolean]
        $BoxContentDelete,

        [Parameter()]
        [System.Boolean]
        $BoxContentDownload,

        [Parameter()]
        [System.Boolean]
        $BoxContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $CCFinancialRegulatoryRiskyTextSent,

        [Parameter()]
        [System.Boolean]
        $CCInappropriateContentSent,

        [Parameter()]
        [System.Boolean]
        $CCInappropriateImagesSent,

        [Parameter()]
        [System.Boolean]
        $DropboxContentAccess,

        [Parameter()]
        [System.Boolean]
        $DropboxContentDelete,

        [Parameter()]
        [System.Boolean]
        $DropboxContentDownload,

        [Parameter()]
        [System.Boolean]
        $DropboxContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentAccess,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentDelete,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $PowerBIDashboardsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsDownloaded,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsExported,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsViewed,

        [Parameter()]
        [System.Boolean]
        $PowerBISemanticModelsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBISensitivityLabelDowngradedForArtifacts,

        [Parameter()]
        [System.Boolean]
        $PowerBISensitivityLabelRemovedFromArtifacts,

        [Parameter()]
        [System.String]
        $HistoricTimeSpan,

        [Parameter()]
        [System.String]
        $InScopeTimeSpan,

        [Parameter()]
        [System.Boolean]
        $EnableTeam,

        [Parameter()]
        [System.Boolean]
        $AnalyticsNewInsightEnabled,

        [Parameter()]
        [System.Boolean]
        $AnalyticsTurnedOffEnabled,

        [Parameter()]
        [System.Boolean]
        $HighSeverityAlertsEnabled,

        [Parameter()]
        [System.String[]]
        $HighSeverityAlertsRoleGroups,

        [Parameter()]
        [System.Boolean]
        $PoliciesHealthEnabled,

        [Parameter()]
        [System.String[]]
        $PoliciesHealthRoleGroups,

        [Parameter()]
        [System.Boolean]
        $NotificationDetailsEnabled,

        [Parameter()]
        [System.String[]]
        $NotificationDetailsRoleGroups,

        [Parameter()]
        [System.Boolean]
        $ClipDeletionEnabled,

        [Parameter()]
        [System.Boolean]
        $SessionRecordingEnabled,

        [Parameter()]
        [System.String]
        $RecordingTimeframePreEventInSec,

        [Parameter()]
        [System.String]
        $RecordingTimeframePostEventInSec,

        [Parameter()]
        [System.String]
        $BandwidthCapInMb,

        [Parameter()]
        [System.String]
        $OfflineRecordingStorageLimitInMb,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionEnabled,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionHighProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionHighProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionMediumProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionMediumProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionLowProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionLowProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $ProfileInscopeTimeSpan,

        [Parameter()]
        [System.UInt32]
        $LookbackTimeSpan,

        [Parameter()]
        [System.Boolean]
        $RetainSeverityAfterTriage,

        [Parameter()]
        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present',

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [Switch]
        $ManagedIdentity,

        [Parameter()]
        [System.String[]]
        $AccessTokens
    )

    New-M365DSCConnection -Workload 'SecurityComplianceCenter' `
        -InboundParameters $PSBoundParameters | Out-Null

    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
    $CommandName = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion

    $nullResult = $PSBoundParameters
    $nullResult.Ensure = 'Absent'
    try
    {
        if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
        {
            $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name}
        }
        else
        {
            $instance = Get-InsiderRiskPolicy -Identity $Name
        }

        if ($null -eq $instance)
        {
            return $nullResult
        }

        $results = @{
            Name                  = $instance.Name
            InsiderRiskScenario   = $instance.InsiderRiskScenario
            Ensure                = 'Present'
            Credential            = $Credential
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
            ManagedIdentity       = $ManagedIdentity.IsPresent
            AccessTokens          = $AccessTokens
        }

        if (-not [System.String]::IsNullOrEmpty($instance.SessionRecordingSettings))
        {
            $SessionRecordingSettings = ConvertFrom-Json $instance.SessionRecordingSettings
            $forensicSettingsHash = @{
                ClipDeletionEnabled              = [Boolean]($SessionRecordingSettings.ClipDeletionEnabled)
                SessionRecordingEnabled          = [Boolean]($SessionRecordingSettings.Enabled)
                RecordingTimeframePreEventInSec  = $SessionRecordingSettings.RecordingTimeframePreEventInSec
                RecordingTimeframePostEventInSec = $SessionRecordingSettings.RecordingTimeframePostEventInSec
                BandwidthCapInMb                 = $SessionRecordingSettings.BandwidthCapInMb
                OfflineRecordingStorageLimitInMb = $SessionRecordingSettings.OfflineRecordingStorageLimitInMb
            }
            $results += $forensicSettingsHash
        }

        if (-not [System.String]::IsNullOrEmpty($instance.TenantSettings) -and $instance.TenantSettings.Length -gt 0)
        {
            $tenantSettings = ConvertFrom-Json $instance.TenantSettings[0]

            $DLPUserRiskSyncValue = $null
            if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.DLPUserRiskSync))
            {
                $DLPUserRiskSyncValue = [Boolean]::Parse($tenantSettings.FeatureSettings.DLPUserRiskSync)
            }

            $AnonymizationValue = $null
            if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.Anonymization))
            {
                $AnonymizationValue = [Boolean]::Parse($tenantSettings.FeatureSettings.Anonymization)
            }

            $OptInIRMDataExportValue = $null
            if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.OptInIRMDataExport))
            {
                $OptInIRMDataExportValue = [Boolean]::Parse($tenantSettings.FeatureSettings.OptInIRMDataExport)
            }

            $RaiseAuditAlertValue = $null
            if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.RaiseAuditAlert))
            {
                $RaiseAuditAlertValue = [Boolean]::Parse($tenantSettings.FeatureSettings.RaiseAuditAlert)
            }

            $tenantSettingsHash = @{
                Anonymization                                 = $AnonymizationValue
                DLPUserRiskSync                               = $DLPUserRiskSyncValue
                OptInIRMDataExport                            = $OptInIRMDataExportValue
                RaiseAuditAlert                               = $RaiseAuditAlertValue
                FileVolCutoffLimits                           = $tenantSettings.IntelligentDetections.FileVolCutoffLimits
                AlertVolume                                   = $tenantSettings.IntelligentDetections.AlertVolume
                AnomalyDetections                             = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'AnomalyDetections'}).Enabled
                CopyToPersonalCloud                           = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToPersonalCloud'}).Enabled
                CopyToUSB                                     = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToUSB'}).Enabled
                CumulativeExfiltrationDetector                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CumulativeExfiltrationDetector'}).Enabled
                EmailExternal                                 = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmailExternal'}).Enabled
                EmployeeAccessedEmployeePatientData           = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedEmployeePatientData'}).Enabled
                EmployeeAccessedFamilyData                    = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedFamilyData'}).Enabled
                EmployeeAccessedHighVolumePatientData         = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedHighVolumePatientData'}).Enabled
                EmployeeAccessedNeighbourData                 = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedNeighbourData'}).Enabled
                EmployeeAccessedRestrictedData                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedRestrictedData'}).Enabled
                EpoBrowseToChildAbuseSites                    = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToChildAbuseSites'}).Enabled
                EpoBrowseToCriminalActivitySites              = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToCriminalActivitySites'}).Enabled
                EpoBrowseToCultSites                          = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToCultSites'}).Enabled
                EpoBrowseToGamblingSites                      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToGamblingSites'}).Enabled
                EpoBrowseToHackingSites                       = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToHackingSites'}).Enabled
                EpoBrowseToHateIntoleranceSites               = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToHateIntoleranceSites'}).Enabled
                EpoBrowseToIllegalSoftwareSites               = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToIllegalSoftwareSites'}).Enabled
                EpoBrowseToKeyloggerSites                     = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToKeyloggerSites'}).Enabled
                EpoBrowseToLlmSites                           = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToLlmSites'}).Enabled
                EpoBrowseToMalwareSites                       = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToMalwareSites'}).Enabled
                EpoBrowseToPhishingSites                      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToPhishingSites'}).Enabled
                EpoBrowseToPornographySites                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToPornographySites'}).Enabled
                EpoBrowseToUnallowedDomain                    = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToUnallowedDomain'}).Enabled
                EpoBrowseToViolenceSites                      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToViolenceSites'}).Enabled
                EpoCopyToClipboardFromSensitiveFile           = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoCopyToClipboardFromSensitiveFile'}).Enabled
                EpoCopyToNetworkShare                         = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoCopyToNetworkShare'}).Enabled
                EpoFileArchived                               = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileArchived'}).Enabled
                EpoFileCopiedToRemoteDesktopSession           = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileCopiedToRemoteDesktopSession'}).Enabled
                EpoFileDeleted                                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDeleted'}).Enabled
                EpoFileDownloadedFromBlacklistedDomain        = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDownloadedFromBlacklistedDomain'}).Enabled
                EpoFileDownloadedFromEnterpriseDomain         = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDownloadedFromEnterpriseDomain'}).Enabled
                EpoFileRenamed                                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileRenamed'}).Enabled
                EpoFileStagedToCentralLocation                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileStagedToCentralLocation'}).Enabled
                EpoHiddenFileCreated                          = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoHiddenFileCreated'}).Enabled
                EpoRemovableMediaMount                        = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoRemovableMediaMount'}).Enabled
                EpoSensitiveFileRead                          = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoSensitiveFileRead'}).Enabled
                Mcas3rdPartyAppDownload                       = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppDownload'}).Enabled
                Mcas3rdPartyAppFileDelete                     = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppFileDelete'}).Enabled
                Mcas3rdPartyAppFileSharing                    = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppFileSharing'}).Enabled
                McasActivityFromInfrequentCountry             = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasActivityFromInfrequentCountry'}).Enabled
                McasImpossibleTravel                          = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasImpossibleTravel'}).Enabled
                McasMultipleFailedLogins                      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleFailedLogins'}).Enabled
                McasMultipleStorageDeletion                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleStorageDeletion'}).Enabled
                McasMultipleVMCreation                        = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleVMCreation'}).Enabled
                McasMultipleVMDeletion                        = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleVMDeletion'}).Enabled
                McasSuspiciousAdminActivities                 = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousAdminActivities'}).Enabled
                McasSuspiciousCloudCreation                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousCloudCreation'}).Enabled
                McasSuspiciousCloudTrailLoggingChange         = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousCloudTrailLoggingChange'}).Enabled
                McasTerminatedEmployeeActivity                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasTerminatedEmployeeActivity'}).Enabled
                OdbDownload                                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'OdbDownload'}).Enabled
                OdbSyncDownload                               = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'OdbSyncDownload'}).Enabled
                PeerCumulativeExfiltrationDetector            = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PeerCumulativeExfiltrationDetector'}).Enabled
                PhysicalAccess                                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PhysicalAccess'}).Enabled
                PotentialHighImpactUser                       = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PotentialHighImpactUser'}).Enabled
                Print                                         = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Print'}).Enabled
                PriorityUserGroupMember                       = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PriorityUserGroupMember'}).Enabled
                SecurityAlertDefenseEvasion                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SecurityAlertDefenseEvasion'}).Enabled
                SecurityAlertUnwantedSoftware                 = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SecurityAlertUnwantedSoftware'}).Enabled
                SpoAccessRequest                              = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoAccessRequest'}).Enabled
                SpoApprovedAccess                             = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoApprovedAccess'}).Enabled
                SpoDownload                                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoDownload'}).Enabled
                SpoDownloadV2                                 = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoDownloadV2'}).Enabled
                SpoFileAccessed                               = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileAccessed'}).Enabled
                SpoFileDeleted                                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeleted'}).Enabled
                SpoFileDeletedFromFirstStageRecycleBin        = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeletedFromFirstStageRecycleBin'}).Enabled
                SpoFileDeletedFromSecondStageRecycleBin       = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeletedFromSecondStageRecycleBin'}).Enabled
                SpoFileLabelDowngraded                        = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileLabelDowngraded'}).Enabled
                SpoFileLabelRemoved                           = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileLabelRemoved'}).Enabled
                SpoFileSharing                                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileSharing'}).Enabled
                SpoFolderDeleted                              = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeleted'}).Enabled
                SpoFolderDeletedFromFirstStageRecycleBin      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeletedFromFirstStageRecycleBin'}).Enabled
                SpoFolderDeletedFromSecondStageRecycleBin     = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeletedFromSecondStageRecycleBin'}).Enabled
                SpoFolderSharing                              = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderSharing'}).Enabled
                SpoSiteExternalUserAdded                      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteExternalUserAdded'}).Enabled
                SpoSiteInternalUserAdded                      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteInternalUserAdded'}).Enabled
                SpoSiteLabelRemoved                           = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteLabelRemoved'}).Enabled
                SpoSiteSharing                                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteSharing'}).Enabled
                SpoSyncDownload                               = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSyncDownload'}).Enabled
                TeamsChannelFileSharedExternal                = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChannelFileSharedExternal'}).Enabled
                TeamsChannelMemberAddedExternal               = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChannelMemberAddedExternal'}).Enabled
                TeamsChatFileSharedExternal                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChatFileSharedExternal'}).Enabled
                TeamsFileDownload                             = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsFileDownload'}).Enabled
                TeamsFolderSharedExternal                     = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsFolderSharedExternal'}).Enabled
                TeamsMemberAddedExternal                      = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsMemberAddedExternal'}).Enabled
                TeamsSensitiveMessage                         = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsSensitiveMessage'}).Enabled
                UserHistory                                   = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'UserHistory'}).Enabled
                AWSS3BlockPublicAccessDisabled                = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3BlockPublicAccessDisabled'}).Enabled
                AWSS3BucketDeleted                            = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3BucketDeleted'}).Enabled
                AWSS3PublicAccessEnabled                      = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3PublicAccessEnabled'}).Enabled
                AWSS3ServerLoggingDisabled                    = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3ServerLoggingDisabled'}).Enabled
                AzureElevateAccessToAllSubscriptions          = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureElevateAccessToAllSubscriptions'}).Enabled
                AzureResourceThreatProtectionSettingsUpdated  = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureResourceThreatProtectionSettingsUpdated'}).Enabled
                AzureSQLServerAuditingSettingsUpdated         = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerAuditingSettingsUpdated'}).Enabled
                AzureSQLServerFirewallRuleDeleted             = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerFirewallRuleDeleted'}).Enabled
                AzureSQLServerFirewallRuleUpdated             = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerFirewallRuleUpdated'}).Enabled
                AzureStorageAccountOrContainerDeleted         = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureStorageAccountOrContainerDeleted'}).Enabled
                BoxContentAccess                              = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentAccess'}).Enabled
                BoxContentDelete                              = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentDelete'}).Enabled
                BoxContentDownload                            = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentDownload'}).Enabled
                BoxContentExternallyShared                    = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentExternallyShared'}).Enabled
                CCFinancialRegulatoryRiskyTextSent            = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCFinancialRegulatoryRiskyTextSent'}).Enabled
                CCInappropriateContentSent                    = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCInappropriateContentSent'}).Enabled
                CCInappropriateImagesSent                     = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCInappropriateImagesSent'}).Enabled
                DropboxContentAccess                          = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentAccess'}).Enabled
                DropboxContentDelete                          = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentDelete'}).Enabled
                DropboxContentDownload                        = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentDownload'}).Enabled
                DropboxContentExternallyShared                = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentExternallyShared'}).Enabled
                GoogleDriveContentAccess                      = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentAccess'}).Enabled
                GoogleDriveContentDelete                      = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentDelete'}).Enabled
                GoogleDriveContentExternallyShared            = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentExternallyShared'}).Enabled
                PowerBIDashboardsDeleted                      = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIDashboardsDeleted'}).Enabled
                PowerBIReportsDeleted                         = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsDeleted'}).Enabled
                PowerBIReportsDownloaded                      = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsDownloaded'}).Enabled
                PowerBIReportsExported                        = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsExported'}).Enabled
                PowerBIReportsViewed                          = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsViewed'}).Enabled
                PowerBISemanticModelsDeleted                  = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISemanticModelsDeleted'}).Enabled
                PowerBISensitivityLabelDowngradedForArtifacts = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISensitivityLabelDowngradedForArtifacts'}).Enabled
                PowerBISensitivityLabelRemovedFromArtifacts   = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISensitivityLabelRemovedFromArtifacts'}).Enabled
                HistoricTimeSpan                              = $tenantSettings.TimeSpan.HistoricTimeSpan
                InScopeTimeSpan                               = $tenantSettings.TimeSpan.InScopeTimeSpan
                EnableTeam                                    = [Boolean]($tenantSettings.FeatureSettings.EnableTeam)
            }

            $AnalyticsNewInsight = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'AnalyticsNewInsight'}
            if ($null -ne $AnalyticsNewInsight)
            {
                $tenantSettingsHash.Add('AnalyticsNewInsightEnabled', [Boolean]$AnalyticsNewInsight.Enabled)
            }

            $AnalyticsTurnedOff = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'AnalyticsTurnedOff'}
            if ($null -ne $AnalyticsTurnedOff)
            {
                $tenantSettingsHash.Add('AnalyticsTurnedOffEnabled', [Boolean]$AnalyticsTurnedOff.Enabled)
            }

            $highSeverityAlerts = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'HighSeverityAlerts'}
            if ($null -ne $highSeverityAlerts)
            {
                $tenantSettingsHash.Add('HighSeverityAlertsEnabled', [Boolean]$highSeverityAlerts.Enabled)
                $tenantSettingsHash.Add('HighSeverityAlertsRoleGroups', [Array]$highSeverityAlerts.RoleGroups)
            }

            $policiesHealth = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'PoliciesHealth'}
            if ($null -ne $policiesHealth)
            {
                $tenantSettingsHash.Add('PoliciesHealthEnabled', [Boolean]$policiesHealth.Enabled)
                $tenantSettingsHash.Add('PoliciesHealthRoleGroups', [Array]$policiesHealth.RoleGroups)
            }

            if ($null -ne $tenantSettings.FeatureSettings.NotificationDetails)
            {
                $tenantSettingsHash.Add('NotificationDetailsEnabled', $true)
                $tenantSettingsHash.Add('NotificationDetailsRoleGroups', [Array]$tenantSettings.FeatureSettings.NotificationDetails.RoleGroups)
            }
            else
            {
                $tenantSettingsHash.Add('NotificationDetailsEnabled', $false)
            }

            # Adaptive Protection
            $AdaptiveProtectionEnabledValue = $false
            if ($null -ne $tenantSettings.DynamicRiskPreventionSettings -and `
                $null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings)
            {
                if ($tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.ActivationStatus -eq 0)
                {
                    $AdaptiveProtectionEnabledValue = $true
                }
                else
                {
                    $AdaptiveProtectionEnabledValue = $false
                }

                # High Profile
                if ($null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.HighProfile)
                {
                    $highProfile = $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.HighProfile
                    $tenantSettingsHash.Add('AdaptiveProtectionHighProfileSourceType', $highProfile.ProfileSourceType)
                    $tenantSettingsHash.Add('AdaptiveProtectionHighProfileConfirmedIssueSeverity', $highProfile.ConfirmedIssueSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionHighProfileGeneratedIssueSeverity', $highProfile.GeneratedIssueSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionHighProfileInsightSeverity', $highProfile.InsightSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionHighProfileInsightCount', $highProfile.InsightCount)
                    $tenantSettingsHash.Add('AdaptiveProtectionHighProfileInsightTypes', [Array]($highProfile.InsightTypes))
                    $tenantSettingsHash.Add('AdaptiveProtectionHighProfileConfirmedIssue', $highProfile.ConfirmedIssue)
                }

                # Medium Profile
                if ($null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.MediumProfile)
                {
                    $mediumProfile = $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.MediumProfile
                    $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileSourceType', $mediumProfile.ProfileSourceType)
                    $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileConfirmedIssueSeverity', $mediumProfile.ConfirmedIssueSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileGeneratedIssueSeverity', $mediumProfile.GeneratedIssueSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileInsightSeverity', $mediumProfile.InsightSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileInsightCount', $mediumProfile.InsightCount)
                    $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileInsightTypes', [Array]($mediumProfile.InsightTypes))
                    $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileConfirmedIssue', $mediumProfile.ConfirmedIssue)
                }

                # Low Profile
                if ($null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.LowProfile)
                {
                    $lowProfile = $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.LowProfile
                    $tenantSettingsHash.Add('AdaptiveProtectionLowProfileSourceType', $lowProfile.ProfileSourceType)
                    $tenantSettingsHash.Add('AdaptiveProtectionLowProfileConfirmedIssueSeverity', $lowProfile.ConfirmedIssueSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionLowProfileGeneratedIssueSeverity', $lowProfile.GeneratedIssueSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionLowProfileInsightSeverity', $lowProfile.InsightSeverity)
                    $tenantSettingsHash.Add('AdaptiveProtectionLowProfileInsightCount', $lowProfile.InsightCount)
                    $tenantSettingsHash.Add('AdaptiveProtectionLowProfileInsightTypes', [Array]($lowProfile.InsightTypes))
                    $tenantSettingsHash.Add('AdaptiveProtectionLowProfileConfirmedIssue', $lowProfile.ConfirmedIssue)
                }

                $tenantSettingsHash.Add('ProfileInScopeTimeSpan', $tenantSettings.DynamicRiskPreventionSettings.ProfileInScopeTimeSpan)
                $tenantSettingsHash.Add('LookbackTimeSpan', $tenantSettings.DynamicRiskPreventionSettings.LookbackTimeSpan)
                $tenantSettingsHash.Add('RetainSeverityAfterTriage', $tenantSettings.DynamicRiskPreventionSettings.RetainSeverityAfterTriage)
            }
            $tenantSettingsHash.Add('AdaptiveProtectionEnabled', $AdaptiveProtectionEnabledValue)

            $results += $tenantSettingsHash
        }

        return [System.Collections.Hashtable] $results
    }
    catch
    {
        Write-Verbose -Message $_
        New-M365DSCLogEntry -Message 'Error retrieving data:' `
            -Exception $_ `
            -Source $($MyInvocation.MyCommand.Source) `
            -TenantId $TenantId `
            -Credential $Credential

        return $nullResult
    }
}

function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $InsiderRiskScenario,

        [Parameter()]
        [System.Boolean]
        $Anonymization,

        [Parameter()]
        [System.Boolean]
        $DLPUserRiskSync,

        [Parameter()]
        [System.Boolean]
        $OptInIRMDataExport,

        [Parameter()]
        [System.Boolean]
        $RaiseAuditAlert,

        [Parameter()]
        [System.String]
        $FileVolCutoffLimits,

        [Parameter()]
        [System.String]
        $AlertVolume,

        [Parameter()]
        [System.Boolean]
        $AnomalyDetections,

        [Parameter()]
        [System.Boolean]
        $CopyToPersonalCloud,

        [Parameter()]
        [System.Boolean]
        $CopyToUSB,

        [Parameter()]
        [System.Boolean]
        $CumulativeExfiltrationDetector,

        [Parameter()]
        [System.Boolean]
        $EmailExternal,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedEmployeePatientData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedFamilyData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedHighVolumePatientData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedNeighbourData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedRestrictedData,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToChildAbuseSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToCriminalActivitySites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToCultSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToGamblingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToHackingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToHateIntoleranceSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToIllegalSoftwareSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToKeyloggerSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToLlmSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToMalwareSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToPhishingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToPornographySites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToUnallowedDomain,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToViolenceSites,

        [Parameter()]
        [System.Boolean]
        $EpoCopyToClipboardFromSensitiveFile,

        [Parameter()]
        [System.Boolean]
        $EpoCopyToNetworkShare,

        [Parameter()]
        [System.Boolean]
        $EpoFileArchived,

        [Parameter()]
        [System.Boolean]
        $EpoFileCopiedToRemoteDesktopSession,

        [Parameter()]
        [System.Boolean]
        $EpoFileDeleted,

        [Parameter()]
        [System.Boolean]
        $EpoFileDownloadedFromBlacklistedDomain,

        [Parameter()]
        [System.Boolean]
        $EpoFileDownloadedFromEnterpriseDomain,

        [Parameter()]
        [System.Boolean]
        $EpoFileRenamed,

        [Parameter()]
        [System.Boolean]
        $EpoFileStagedToCentralLocation,

        [Parameter()]
        [System.Boolean]
        $EpoHiddenFileCreated,

        [Parameter()]
        [System.Boolean]
        $EpoRemovableMediaMount,

        [Parameter()]
        [System.Boolean]
        $EpoSensitiveFileRead,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppDownload,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppFileDelete,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppFileSharing,

        [Parameter()]
        [System.Boolean]
        $McasActivityFromInfrequentCountry,

        [Parameter()]
        [System.Boolean]
        $McasImpossibleTravel,

        [Parameter()]
        [System.Boolean]
        $McasMultipleFailedLogins,

        [Parameter()]
        [System.Boolean]
        $McasMultipleStorageDeletion,

        [Parameter()]
        [System.Boolean]
        $McasMultipleVMCreation,

        [Parameter()]
        [System.Boolean]
        $McasMultipleVMDeletion,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousAdminActivities,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousCloudCreation,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousCloudTrailLoggingChange,

        [Parameter()]
        [System.Boolean]
        $McasTerminatedEmployeeActivity,

        [Parameter()]
        [System.Boolean]
        $OdbDownload,

        [Parameter()]
        [System.Boolean]
        $OdbSyncDownload,

        [Parameter()]
        [System.Boolean]
        $PeerCumulativeExfiltrationDetector,

        [Parameter()]
        [System.Boolean]
        $PhysicalAccess,

        [Parameter()]
        [System.Boolean]
        $PotentialHighImpactUser,

        [Parameter()]
        [System.Boolean]
        $Print,

        [Parameter()]
        [System.Boolean]
        $PriorityUserGroupMember,

        [Parameter()]
        [System.Boolean]
        $SecurityAlertDefenseEvasion,

        [Parameter()]
        [System.Boolean]
        $SecurityAlertUnwantedSoftware,

        [Parameter()]
        [System.Boolean]
        $SpoAccessRequest,

        [Parameter()]
        [System.Boolean]
        $SpoApprovedAccess,

        [Parameter()]
        [System.Boolean]
        $SpoDownload,

        [Parameter()]
        [System.Boolean]
        $SpoDownloadV2,

        [Parameter()]
        [System.Boolean]
        $SpoFileAccessed,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeleted,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeletedFromFirstStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeletedFromSecondStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFileLabelDowngraded,

        [Parameter()]
        [System.Boolean]
        $SpoFileLabelRemoved,

        [Parameter()]
        [System.Boolean]
        $SpoFileSharing,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeleted,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeletedFromFirstStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeletedFromSecondStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFolderSharing,

        [Parameter()]
        [System.Boolean]
        $SpoSiteExternalUserAdded,

        [Parameter()]
        [System.Boolean]
        $SpoSiteInternalUserAdded,

        [Parameter()]
        [System.Boolean]
        $SpoSiteLabelRemoved,

        [Parameter()]
        [System.Boolean]
        $SpoSiteSharing,

        [Parameter()]
        [System.Boolean]
        $SpoSyncDownload,

        [Parameter()]
        [System.Boolean]
        $TeamsChannelFileSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsChannelMemberAddedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsChatFileSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsFileDownload,

        [Parameter()]
        [System.Boolean]
        $TeamsFolderSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsMemberAddedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsSensitiveMessage,

        [Parameter()]
        [System.Boolean]
        $UserHistory,

        [Parameter()]
        [System.Boolean]
        $AWSS3BlockPublicAccessDisabled,

        [Parameter()]
        [System.Boolean]
        $AWSS3BucketDeleted,

        [Parameter()]
        [System.Boolean]
        $AWSS3PublicAccessEnabled,

        [Parameter()]
        [System.Boolean]
        $AWSS3ServerLoggingDisabled,

        [Parameter()]
        [System.Boolean]
        $AzureElevateAccessToAllSubscriptions,

        [Parameter()]
        [System.Boolean]
        $AzureResourceThreatProtectionSettingsUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerAuditingSettingsUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerFirewallRuleDeleted,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerFirewallRuleUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureStorageAccountOrContainerDeleted,

        [Parameter()]
        [System.Boolean]
        $BoxContentAccess,

        [Parameter()]
        [System.Boolean]
        $BoxContentDelete,

        [Parameter()]
        [System.Boolean]
        $BoxContentDownload,

        [Parameter()]
        [System.Boolean]
        $BoxContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $CCFinancialRegulatoryRiskyTextSent,

        [Parameter()]
        [System.Boolean]
        $CCInappropriateContentSent,

        [Parameter()]
        [System.Boolean]
        $CCInappropriateImagesSent,

        [Parameter()]
        [System.Boolean]
        $DropboxContentAccess,

        [Parameter()]
        [System.Boolean]
        $DropboxContentDelete,

        [Parameter()]
        [System.Boolean]
        $DropboxContentDownload,

        [Parameter()]
        [System.Boolean]
        $DropboxContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentAccess,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentDelete,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $PowerBIDashboardsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsDownloaded,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsExported,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsViewed,

        [Parameter()]
        [System.Boolean]
        $PowerBISemanticModelsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBISensitivityLabelDowngradedForArtifacts,

        [Parameter()]
        [System.Boolean]
        $PowerBISensitivityLabelRemovedFromArtifacts,

        [Parameter()]
        [System.String]
        $HistoricTimeSpan,

        [Parameter()]
        [System.String]
        $InScopeTimeSpan,

        [Parameter()]
        [System.Boolean]
        $EnableTeam,

        [Parameter()]
        [System.Boolean]
        $AnalyticsNewInsightEnabled,

        [Parameter()]
        [System.Boolean]
        $AnalyticsTurnedOffEnabled,

        [Parameter()]
        [System.Boolean]
        $HighSeverityAlertsEnabled,

        [Parameter()]
        [System.String[]]
        $HighSeverityAlertsRoleGroups,

        [Parameter()]
        [System.Boolean]
        $PoliciesHealthEnabled,

        [Parameter()]
        [System.String[]]
        $PoliciesHealthRoleGroups,

        [Parameter()]
        [System.Boolean]
        $NotificationDetailsEnabled,

        [Parameter()]
        [System.String[]]
        $NotificationDetailsRoleGroups,

        [Parameter()]
        [System.Boolean]
        $ClipDeletionEnabled,

        [Parameter()]
        [System.Boolean]
        $SessionRecordingEnabled,

        [Parameter()]
        [System.String]
        $RecordingTimeframePreEventInSec,

        [Parameter()]
        [System.String]
        $RecordingTimeframePostEventInSec,

        [Parameter()]
        [System.String]
        $BandwidthCapInMb,

        [Parameter()]
        [System.String]
        $OfflineRecordingStorageLimitInMb,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionEnabled,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionHighProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionHighProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionMediumProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionMediumProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionLowProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionLowProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $ProfileInscopeTimeSpan,

        [Parameter()]
        [System.UInt32]
        $LookbackTimeSpan,

        [Parameter()]
        [System.Boolean]
        $RetainSeverityAfterTriage,

        [Parameter()]
        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present',

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [Switch]
        $ManagedIdentity,

        [Parameter()]
        [System.String[]]
        $AccessTokens
    )

    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
    $CommandName = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion

    $currentInstance = Get-TargetResource @PSBoundParameters

    $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters

    $indicatorsProperties = @('AnomalyDetections','CopyToPersonalCloud','CopyToUSB','CumulativeExfiltrationDetector', `
                              'EmailExternal','EmployeeAccessedEmployeePatientData','EmployeeAccessedFamilyData', `
                              'EmployeeAccessedHighVolumePatientData','EmployeeAccessedNeighbourData', `
                              'EmployeeAccessedRestrictedData','EpoBrowseToChildAbuseSites','EpoBrowseToCriminalActivitySites', `
                              'EpoBrowseToCultSites','EpoBrowseToGamblingSites','EpoBrowseToHackingSites', `
                              'EpoBrowseToHateIntoleranceSites','EpoBrowseToIllegalSoftwareSites','EpoBrowseToKeyloggerSites', `
                              'EpoBrowseToLlmSites','EpoBrowseToMalwareSites','EpoBrowseToPhishingSites', `
                              'EpoBrowseToPornographySites','EpoBrowseToUnallowedDomain','EpoBrowseToViolenceSites', `
                              'EpoCopyToClipboardFromSensitiveFile','EpoCopyToNetworkShare','EpoFileArchived', `
                              'EpoFileCopiedToRemoteDesktopSession','EpoFileDeleted','EpoFileDownloadedFromBlacklistedDomain', `
                              'EpoFileDownloadedFromEnterpriseDomain','EpoFileRenamed','EpoFileStagedToCentralLocation', `
                              'EpoHiddenFileCreated','EpoRemovableMediaMount','EpoSensitiveFileRead','Mcas3rdPartyAppDownload', `
                              'Mcas3rdPartyAppFileDelete','Mcas3rdPartyAppFileSharing','McasActivityFromInfrequentCountry', `
                              'McasImpossibleTravel','McasMultipleFailedLogins','McasMultipleStorageDeletion', `
                              'McasMultipleVMCreation','McasMultipleVMDeletion','McasSuspiciousAdminActivities', `
                              'McasSuspiciousCloudCreation','McasSuspiciousCloudTrailLoggingChange','McasTerminatedEmployeeActivity', `
                              'OdbDownload','OdbSyncDownload','PeerCumulativeExfiltrationDetector','PhysicalAccess', `
                              'PotentialHighImpactUser','Print','PriorityUserGroupMember','SecurityAlertDefenseEvasion', `
                              'SecurityAlertUnwantedSoftware','SpoAccessRequest','SpoApprovedAccess','SpoDownload','SpoDownloadV2', `
                              'SpoFileAccessed','SpoFileDeleted','SpoFileDeletedFromFirstStageRecycleBin', `
                              'SpoFileDeletedFromSecondStageRecycleBin','SpoFileLabelDowngraded','SpoFileLabelRemoved', `
                              'SpoFileSharing','SpoFolderDeleted','SpoFolderDeletedFromFirstStageRecycleBin', `
                              'SpoFolderDeletedFromSecondStageRecycleBin','SpoFolderSharing','SpoSiteExternalUserAdded', `
                              'SpoSiteInternalUserAdded','SpoSiteLabelRemoved','SpoSiteSharing','SpoSyncDownload', `
                              'TeamsChannelFileSharedExternal','TeamsChannelMemberAddedExternal','TeamsChatFileSharedExternal', `
                              'TeamsFileDownload','TeamsFolderSharedExternal','TeamsMemberAddedExternal','TeamsSensitiveMessage', `
                              'UserHistory')

    $indicatorValues = @()
    foreach ($indicatorProperty in $indicatorsProperties)
    {
        if ($PSBoundParameters.ContainsKey($indicatorProperty))
        {
            $indicatorValues += "{`"Name`":`"$indicatorProperty`",`"Type`":`"Insight`",`"Enabled`":$(($PSBoundParameters.$indicatorProperty).ToString().ToLower()),`"UseDefault`":true,`"ThresholdMode`":`"Default`"}"
        }
    }

    $extensibleIndicatorsProperties = @('AWSS3BlockPublicAccessDisabled','AWSS3BucketDeleted','AWSS3PublicAccessEnabled',`
        'AWSS3ServerLoggingDisabled','AzureElevateAccessToAllSubscriptions','AzureResourceThreatProtectionSettingsUpdated', `
        'AzureSQLServerAuditingSettingsUpdated','AzureSQLServerFirewallRuleDeleted','AzureSQLServerFirewallRuleUpdated', `
        'AzureStorageAccountOrContainerDeleted','BoxContentAccess','BoxContentDelete','BoxContentDownload','BoxContentExternallyShared', `
        'CCFinancialRegulatoryRiskyTextSent','CCInappropriateContentSent','CCInappropriateImagesSent','DropboxContentAccess', `
        'DropboxContentDelete','DropboxContentDownload','DropboxContentExternallyShared','GoogleDriveContentAccess', `
        'GoogleDriveContentDelete','GoogleDriveContentExternallyShared','PowerBIDashboardsDeleted','PowerBIReportsDeleted', `
        'PowerBIReportsDownloaded','PowerBIReportsExported','PowerBIReportsViewed','PowerBISemanticModelsDeleted', `
        'PowerBISensitivityLabelDowngradedForArtifacts','PowerBISensitivityLabelRemovedFromArtifacts')

    $extensibleIndicatorsValues = @()
    foreach ($extensibleIndicatorsProperty in $extensibleIndicatorsProperties)
    {
        if ($PSBoundParameters.ContainsKey($extensibleIndicatorsProperty))
        {
            $extensibleIndicatorsValues += "{`"Name`":`"$extensibleIndicatorsProperty`",`"Type`":`"ExtensibleInsight`",`"Enabled`":$(($PSBoundParameters.$extensibleIndicatorsProperty).ToString().ToLower()),`"UseDefault`":true,`"ThresholdMode`":`"Default`"}"
        }
    }

    # Tenant Settings
    $featureSettingsValue = "{`"Anonymization`":$($Anonymization.ToString().ToLower()), `"DLPUserRiskSync`":$($DLPUserRiskSync.ToString().ToLower()), `"OptInIRMDataExport`":$($OptInIRMDataExport.ToString().ToLower()), `"RaiseAuditAlert`":$($RaiseAuditAlert.ToString().ToLower()), `"EnableTeam`":$($EnableTeam.ToString().ToLower())}"
    $intelligentDetectionValue = "{`"FileVolCutoffLimits`":`"$($FileVolCutoffLimits)`", `"AlertVolume`":`"$($AlertVolume)`"}"


    $tenantSettingsValue = "{`"Region`":`"WW`", `"FeatureSettings`":$($featureSettingsValue), " + `
                            "`"IntelligentDetections`":$($intelligentDetectionValue)"
    if ($null -ne $AdaptiveProtectionEnabled)
    {
        Write-Verbose -Message "Adding Adaptive Protection setting to the set parameters."
        $AdaptiveProtectionActivatonStatus = 1
        if ($AdaptiveProtectionEnabled)
        {
            $AdaptiveProtectionActivatonStatus = 0
        }
        $dynamicRiskPreventionSettings = "{`"RetainSeverityAfterTriage`":$($RetainSeverityAfterTriage.ToString().ToLower()),`"ProfileInScopeTimeSpan`":$($ProfileInscopeTimeSpan), `"LookbackTimeSpan`":$($LookbackTimeSpan), `"DynamicRiskScenarioSettings`":[{`"ActivationStatus`":$AdaptiveProtectionActivatonStatus"
        $dynamicRiskPreventionSettings += ", `"HighProfile`":{`"ProfileSourceType`":$($AdaptiveProtectionHighProfileSourceType), `"ConfirmedIssueSeverity`":$($AdaptiveProtectionHighProfileConfirmedIssueSeverity), `"GeneratedIssueSeverity`":$($AdaptiveProtectionHighProfileGeneratedIssueSeverity), `"InsightSeverity`": $($AdaptiveProtectionHighProfileInsightSeverity), `"InsightCount`": $($AdaptiveProtectionHighProfileInsightCount), `"InsightTypes`": [`"$($AdaptiveProtectionHighProfileInsightTypes -join '","')`"], `"ConfirmedIssue`": $($AdaptiveProtectionHighProfileConfirmedIssue.ToString().ToLower())}"
        $dynamicRiskPreventionSettings += ", `"MediumProfile`":{`"ProfileSourceType`":$($AdaptiveProtectionMediumProfileSourceType), `"ConfirmedIssueSeverity`":$($AdaptiveProtectionMediumProfileConfirmedIssueSeverity), `"GeneratedIssueSeverity`":$($AdaptiveProtectionMediumProfileGeneratedIssueSeverity), `"InsightSeverity`": $($AdaptiveProtectionMediumProfileInsightSeverity), `"InsightCount`": $($AdaptiveProtectionMediumProfileInsightCount), `"InsightTypes`": [`"$($AdaptiveProtectionMediumProfileInsightTypes -join '","')`"], `"ConfirmedIssue`": $($AdaptiveProtectionMediumProfileConfirmedIssue.ToString().ToLower())}"
        $dynamicRiskPreventionSettings += ", `"LowProfile`":{`"ProfileSourceType`":$($AdaptiveProtectionLowProfileSourceType), `"ConfirmedIssueSeverity`":$($AdaptiveProtectionLowProfileConfirmedIssueSeverity), `"GeneratedIssueSeverity`":$($AdaptiveProtectionLowProfileGeneratedIssueSeverity), `"InsightSeverity`": $($AdaptiveProtectionLowProfileInsightSeverity), `"InsightCount`": $($AdaptiveProtectionLowProfileInsightCount), `"InsightTypes`": [`"$($AdaptiveProtectionLowProfileInsightTypes -join '","')`"], `"ConfirmedIssue`": $($AdaptiveProtectionLowProfileConfirmedIssue.ToString().ToLower())}"
        $dynamicRiskPreventionSettings += '}]}'
        $tenantSettingsValue += ", `"DynamicRiskPreventionSettings`":$dynamicRiskPreventionSettings"
    }

    $tenantSettingsValue += "}"

    # CREATE
    if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
    {
        Write-Verbose -Message "Creating new Insider Risk Policy {$Name} with values:`r`nIndicators: $($indicatorValues)`r`n`r`nExtensibleIndicators: $($extensibleIndicatorsValues)`r`n`r`nTenantSettings: $($tenantSettingsValue)`r`n`r`nSessionRecordingSettings: $($sessionRecordingValues)"
        New-InsiderRiskPolicy -Name $Name -InsiderRiskScenario $InsiderRiskScenario `
                              -Indicators $indicatorValues `
                              -ExtensibleIndicators $extensibleIndicatorsValues `
                              -TenantSetting $tenantSettingsValue `
                              -HistoricTimeSpan $HistoricTimeSpan `
                              -InScopeTimeSpan $InScopeTimeSpan `
                              -SessionRecordingSettings $sessionRecordingValues
    }
    # UPDATE
    elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
    {
        Write-Verbose -Message "Updating existing Insider Risk Policy {$Name} with values:`r`nIndicators: $($indicatorValues)`r`n`r`nExtensibleIndicators: $($extensibleIndicatorsValues)`r`n`r`nTenantSettings: $($tenantSettingsValue)`r`n`r`nSessionRecordingSettings: $($sessionRecordingValues)"

        if ($InsiderRiskScenario -eq 'SessionRecordingSetting')
        {
            $sessionRecordingValues = "{`"RecordingMode`":`"EventDriven`", `"RecordingTimeframePreEventInSec`":$($RecordingTimeframePreEventInSec),`"RecordingTimeframePostEventInSec`":$($RecordingTimeframePostEventInSec),`"BandwidthCapInMb`":$($BandwidthCapInMb),`"OfflineRecordingStorageLimitInMb`":$($OfflineRecordingStorageLimitInMb),`"ClipDeletionEnabled`":$($ClipDeletionEnabled.ToString().ToLower()),`"Enabled`":$($SessionRecordingEnabled.ToString().ToLower()),`"FpsNumerator`":0,`"FpsDenominator`":0}"
            Write-Verbose -Message 'Updating Session Recording Settings'
            Set-InsiderRiskPolicy -Identity $Name -SessionRecordingSettings $sessionRecordingValues | Out-Null
        }
        else
        {
            Set-InsiderRiskPolicy -Identity $Name -Indicators $indicatorValues `
                -ExtensibleIndicators $extensibleIndicatorsValues `
                -TenantSetting $tenantSettingsValue `
                -HistoricTimeSpan $HistoricTimeSpan `
                -InScopeTimeSpan $InScopeTimeSpan
        }
    }
    # REMOVE
    elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
    {
        Write-Verbose -Message "Removing Insider Risk Policy {$Name}"
        Remove-InsiderRiskPolicy -Identity $Name -Confirm:$false
    }
}

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $InsiderRiskScenario,

        [Parameter()]
        [System.Boolean]
        $Anonymization,

        [Parameter()]
        [System.Boolean]
        $DLPUserRiskSync,

        [Parameter()]
        [System.Boolean]
        $OptInIRMDataExport,

        [Parameter()]
        [System.Boolean]
        $RaiseAuditAlert,

        [Parameter()]
        [System.String]
        $FileVolCutoffLimits,

        [Parameter()]
        [System.String]
        $AlertVolume,

        [Parameter()]
        [System.Boolean]
        $AnomalyDetections,

        [Parameter()]
        [System.Boolean]
        $CopyToPersonalCloud,

        [Parameter()]
        [System.Boolean]
        $CopyToUSB,

        [Parameter()]
        [System.Boolean]
        $CumulativeExfiltrationDetector,

        [Parameter()]
        [System.Boolean]
        $EmailExternal,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedEmployeePatientData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedFamilyData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedHighVolumePatientData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedNeighbourData,

        [Parameter()]
        [System.Boolean]
        $EmployeeAccessedRestrictedData,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToChildAbuseSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToCriminalActivitySites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToCultSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToGamblingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToHackingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToHateIntoleranceSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToIllegalSoftwareSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToKeyloggerSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToLlmSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToMalwareSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToPhishingSites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToPornographySites,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToUnallowedDomain,

        [Parameter()]
        [System.Boolean]
        $EpoBrowseToViolenceSites,

        [Parameter()]
        [System.Boolean]
        $EpoCopyToClipboardFromSensitiveFile,

        [Parameter()]
        [System.Boolean]
        $EpoCopyToNetworkShare,

        [Parameter()]
        [System.Boolean]
        $EpoFileArchived,

        [Parameter()]
        [System.Boolean]
        $EpoFileCopiedToRemoteDesktopSession,

        [Parameter()]
        [System.Boolean]
        $EpoFileDeleted,

        [Parameter()]
        [System.Boolean]
        $EpoFileDownloadedFromBlacklistedDomain,

        [Parameter()]
        [System.Boolean]
        $EpoFileDownloadedFromEnterpriseDomain,

        [Parameter()]
        [System.Boolean]
        $EpoFileRenamed,

        [Parameter()]
        [System.Boolean]
        $EpoFileStagedToCentralLocation,

        [Parameter()]
        [System.Boolean]
        $EpoHiddenFileCreated,

        [Parameter()]
        [System.Boolean]
        $EpoRemovableMediaMount,

        [Parameter()]
        [System.Boolean]
        $EpoSensitiveFileRead,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppDownload,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppFileDelete,

        [Parameter()]
        [System.Boolean]
        $Mcas3rdPartyAppFileSharing,

        [Parameter()]
        [System.Boolean]
        $McasActivityFromInfrequentCountry,

        [Parameter()]
        [System.Boolean]
        $McasImpossibleTravel,

        [Parameter()]
        [System.Boolean]
        $McasMultipleFailedLogins,

        [Parameter()]
        [System.Boolean]
        $McasMultipleStorageDeletion,

        [Parameter()]
        [System.Boolean]
        $McasMultipleVMCreation,

        [Parameter()]
        [System.Boolean]
        $McasMultipleVMDeletion,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousAdminActivities,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousCloudCreation,

        [Parameter()]
        [System.Boolean]
        $McasSuspiciousCloudTrailLoggingChange,

        [Parameter()]
        [System.Boolean]
        $McasTerminatedEmployeeActivity,

        [Parameter()]
        [System.Boolean]
        $OdbDownload,

        [Parameter()]
        [System.Boolean]
        $OdbSyncDownload,

        [Parameter()]
        [System.Boolean]
        $PeerCumulativeExfiltrationDetector,

        [Parameter()]
        [System.Boolean]
        $PhysicalAccess,

        [Parameter()]
        [System.Boolean]
        $PotentialHighImpactUser,

        [Parameter()]
        [System.Boolean]
        $Print,

        [Parameter()]
        [System.Boolean]
        $PriorityUserGroupMember,

        [Parameter()]
        [System.Boolean]
        $SecurityAlertDefenseEvasion,

        [Parameter()]
        [System.Boolean]
        $SecurityAlertUnwantedSoftware,

        [Parameter()]
        [System.Boolean]
        $SpoAccessRequest,

        [Parameter()]
        [System.Boolean]
        $SpoApprovedAccess,

        [Parameter()]
        [System.Boolean]
        $SpoDownload,

        [Parameter()]
        [System.Boolean]
        $SpoDownloadV2,

        [Parameter()]
        [System.Boolean]
        $SpoFileAccessed,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeleted,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeletedFromFirstStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFileDeletedFromSecondStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFileLabelDowngraded,

        [Parameter()]
        [System.Boolean]
        $SpoFileLabelRemoved,

        [Parameter()]
        [System.Boolean]
        $SpoFileSharing,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeleted,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeletedFromFirstStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFolderDeletedFromSecondStageRecycleBin,

        [Parameter()]
        [System.Boolean]
        $SpoFolderSharing,

        [Parameter()]
        [System.Boolean]
        $SpoSiteExternalUserAdded,

        [Parameter()]
        [System.Boolean]
        $SpoSiteInternalUserAdded,

        [Parameter()]
        [System.Boolean]
        $SpoSiteLabelRemoved,

        [Parameter()]
        [System.Boolean]
        $SpoSiteSharing,

        [Parameter()]
        [System.Boolean]
        $SpoSyncDownload,

        [Parameter()]
        [System.Boolean]
        $TeamsChannelFileSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsChannelMemberAddedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsChatFileSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsFileDownload,

        [Parameter()]
        [System.Boolean]
        $TeamsFolderSharedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsMemberAddedExternal,

        [Parameter()]
        [System.Boolean]
        $TeamsSensitiveMessage,

        [Parameter()]
        [System.Boolean]
        $UserHistory,

        [Parameter()]
        [System.Boolean]
        $AWSS3BlockPublicAccessDisabled,

        [Parameter()]
        [System.Boolean]
        $AWSS3BucketDeleted,

        [Parameter()]
        [System.Boolean]
        $AWSS3PublicAccessEnabled,

        [Parameter()]
        [System.Boolean]
        $AWSS3ServerLoggingDisabled,

        [Parameter()]
        [System.Boolean]
        $AzureElevateAccessToAllSubscriptions,

        [Parameter()]
        [System.Boolean]
        $AzureResourceThreatProtectionSettingsUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerAuditingSettingsUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerFirewallRuleDeleted,

        [Parameter()]
        [System.Boolean]
        $AzureSQLServerFirewallRuleUpdated,

        [Parameter()]
        [System.Boolean]
        $AzureStorageAccountOrContainerDeleted,

        [Parameter()]
        [System.Boolean]
        $BoxContentAccess,

        [Parameter()]
        [System.Boolean]
        $BoxContentDelete,

        [Parameter()]
        [System.Boolean]
        $BoxContentDownload,

        [Parameter()]
        [System.Boolean]
        $BoxContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $CCFinancialRegulatoryRiskyTextSent,

        [Parameter()]
        [System.Boolean]
        $CCInappropriateContentSent,

        [Parameter()]
        [System.Boolean]
        $CCInappropriateImagesSent,

        [Parameter()]
        [System.Boolean]
        $DropboxContentAccess,

        [Parameter()]
        [System.Boolean]
        $DropboxContentDelete,

        [Parameter()]
        [System.Boolean]
        $DropboxContentDownload,

        [Parameter()]
        [System.Boolean]
        $DropboxContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentAccess,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentDelete,

        [Parameter()]
        [System.Boolean]
        $GoogleDriveContentExternallyShared,

        [Parameter()]
        [System.Boolean]
        $PowerBIDashboardsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsDownloaded,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsExported,

        [Parameter()]
        [System.Boolean]
        $PowerBIReportsViewed,

        [Parameter()]
        [System.Boolean]
        $PowerBISemanticModelsDeleted,

        [Parameter()]
        [System.Boolean]
        $PowerBISensitivityLabelDowngradedForArtifacts,

        [Parameter()]
        [System.Boolean]
        $PowerBISensitivityLabelRemovedFromArtifacts,

        [Parameter()]
        [System.String]
        $HistoricTimeSpan,

        [Parameter()]
        [System.String]
        $InScopeTimeSpan,

        [Parameter()]
        [System.Boolean]
        $EnableTeam,

        [Parameter()]
        [System.Boolean]
        $AnalyticsNewInsightEnabled,

        [Parameter()]
        [System.Boolean]
        $AnalyticsTurnedOffEnabled,

        [Parameter()]
        [System.Boolean]
        $HighSeverityAlertsEnabled,

        [Parameter()]
        [System.String[]]
        $HighSeverityAlertsRoleGroups,

        [Parameter()]
        [System.Boolean]
        $PoliciesHealthEnabled,

        [Parameter()]
        [System.String[]]
        $PoliciesHealthRoleGroups,

        [Parameter()]
        [System.Boolean]
        $NotificationDetailsEnabled,

        [Parameter()]
        [System.String[]]
        $NotificationDetailsRoleGroups,

        [Parameter()]
        [System.Boolean]
        $ClipDeletionEnabled,

        [Parameter()]
        [System.Boolean]
        $SessionRecordingEnabled,

        [Parameter()]
        [System.String]
        $RecordingTimeframePreEventInSec,

        [Parameter()]
        [System.String]
        $RecordingTimeframePostEventInSec,

        [Parameter()]
        [System.String]
        $BandwidthCapInMb,

        [Parameter()]
        [System.String]
        $OfflineRecordingStorageLimitInMb,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionEnabled,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionHighProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionHighProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionHighProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionMediumProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionMediumProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionMediumProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileSourceType,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileConfirmedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileGeneratedIssueSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileInsightSeverity,

        [Parameter()]
        [System.UInt32]
        $AdaptiveProtectionLowProfileInsightCount,

        [Parameter()]
        [System.String[]]
        $AdaptiveProtectionLowProfileInsightTypes,

        [Parameter()]
        [System.Boolean]
        $AdaptiveProtectionLowProfileConfirmedIssue,

        [Parameter()]
        [System.UInt32]
        $ProfileInscopeTimeSpan,

        [Parameter()]
        [System.UInt32]
        $LookbackTimeSpan,

        [Parameter()]
        [System.Boolean]
        $RetainSeverityAfterTriage,

        [Parameter()]
        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present',

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [Switch]
        $ManagedIdentity,

        [Parameter()]
        [System.String[]]
        $AccessTokens
    )

    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
    $CommandName = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion

    $CurrentValues = Get-TargetResource @PSBoundParameters
    $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone()

    Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"

    $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
        -Source $($MyInvocation.MyCommand.Source) `
        -DesiredValues $PSBoundParameters `
        -ValuesToCheck $ValuesToCheck.Keys

    Write-Verbose -Message "Test-TargetResource returned $testResult"

    return $testResult
}

function Export-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.String])]
    param
    (
        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $ApplicationSecret,

        [Parameter()]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [Switch]
        $ManagedIdentity,

        [Parameter()]
        [System.String[]]
        $AccessTokens
    )

    $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' `
        -InboundParameters $PSBoundParameters

    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
    $CommandName = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion

    try
    {
        $Script:ExportMode = $true
        [array] $Script:exportedInstances = Get-InsiderRiskPolicy -ErrorAction Stop

        $dscContent = ''
        $i = 1
        if ($Script:exportedInstances.Length -eq 0)
        {
            Write-Host $Global:M365DSCEmojiGreenCheckMark
        }
        else
        {
            Write-Host "`r`n" -NoNewline
        }
        foreach ($config in $Script:exportedInstances)
        {
            if ($null -ne $Global:M365DSCExportResourceInstancesCount)
            {
                $Global:M365DSCExportResourceInstancesCount++
            }
            $displayedKey = $config.Name
            Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline
            $params = @{
                Name                  = $config.Name
                InsiderRiskScenario   = $config.InsiderRiskScenario
                Credential            = $Credential
                ApplicationId         = $ApplicationId
                TenantId              = $TenantId
                CertificateThumbprint = $CertificateThumbprint
                ManagedIdentity       = $ManagedIdentity.IsPresent
                AccessTokens          = $AccessTokens
            }

            $Results = Get-TargetResource @Params
            $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
                -Results $Results

            $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
                -ConnectionMode $ConnectionMode `
                -ModulePath $PSScriptRoot `
                -Results $Results `
                -Credential $Credential
            $dscContent += $currentDSCBlock
            Save-M365DSCPartialExport -Content $currentDSCBlock `
                -FileName $Global:PartialExportFileName
            Write-Host $Global:M365DSCEmojiGreenCheckMark
            $i++
        }
        return $dscContent
    }
    catch
    {
        Write-Host $Global:M365DSCEmojiRedX

        New-M365DSCLogEntry -Message 'Error during Export:' `
            -Exception $_ `
            -Source $($MyInvocation.MyCommand.Source) `
            -TenantId $TenantId `
            -Credential $Credential

        return ''
    }
}

Export-ModuleMember -Function *-TargetResource